SWIFT says that it was aware of "a number of recent cyber incidents" where attackers had sent fraudulent messages over its system, warned the global financial network that banks use to transfer billions of dollars every day.
Te scheme involved altering SWIFT software on Bangladesh Bank's computers to hide evidence of fraudulent transfers, SWIFT has acknowledged.
The fact that Bangladesh Bank attack was not an isolated incident but one of several recent criminal schemes that aimed to take advantage of the global messaging platform used by some 11,000 financial institutions was evident from the statement from SWIFT and this was the first acknowledgement of the matter.
"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters.
There was no disclosure of the name any victims or the value of any losses from the previously undisclosed attacks in the warning which SWIFT issued in a confidential alert sent over its network. SWIFT confirmed about the authenticity of the notice ot the media.
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a cooperative owned by 3,000 financial institutions.
British defense contractor BAE Systems suggested that hackers manipulated SWIFT's Alliance Access server software, which banks use to interface with SWIFT's messaging platform, to cover their tracks.
Saying that in most cases the modus operandi was similar, SWIFT provided some evidence about how that happened in its note to customers.
It said the attackers submitted fraudulent messages by impersonating those people after they obtained valid credentials for operators authorized to create and approve SWIFT messages.
The same group behind that hack had probably attacked other financial targets said FireEye, the internet security company whose Mandiant unit was hired by Bangladesh Bank to help investigate the heist.
"FireEye has observed activity in other financial services organizations that is likely by the same threat actor behind the cyber attack on the Bank of Bangladesh," Vivek Chudgar, Mandiant's senior director for the Asia Pacific said in a statement emailed to Reuters.
The other attacks that SWIFT referred to were not discussed by Rakesh Asthana, the World Informatix Cyber Security CEO, who is overseeing Bangladesh Bank's probe into the hack. However in order to make sure their networks are secure and prevent future attacks, he did urge banks to conduct independent security assessments.
“SWIFT builds on security practices established by the customer itself and therefore it is imperative that in the wake of this attack, customers using SWIFT Alliance Access must strengthen their cyber security posture,” Asthana said
As SWIFT's banking clients look to see if their SWIFT access has been compromised, more attacks could surface, said cyber security experts.
Hackers were turning to SWIFT and other private financial messaging platforms because such attacks can generate more revenue than going after consumers or small businesses, said Shane Shook, a banking security consultant who investigates large financial crime.
"These hacks specifically target financial institutions because smaller efforts result in much larger thefts. It's much more efficient than stealing from consumers," he said.
(Source:www.reuters.com)
Te scheme involved altering SWIFT software on Bangladesh Bank's computers to hide evidence of fraudulent transfers, SWIFT has acknowledged.
The fact that Bangladesh Bank attack was not an isolated incident but one of several recent criminal schemes that aimed to take advantage of the global messaging platform used by some 11,000 financial institutions was evident from the statement from SWIFT and this was the first acknowledgement of the matter.
"SWIFT is aware of a number of recent cyber incidents in which malicious insiders or external attackers have managed to submit SWIFT messages from financial institutions' back-offices, PCs or workstations connected to their local interface to the SWIFT network," the group warned customers on Monday in a notice seen by Reuters.
There was no disclosure of the name any victims or the value of any losses from the previously undisclosed attacks in the warning which SWIFT issued in a confidential alert sent over its network. SWIFT confirmed about the authenticity of the notice ot the media.
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is a cooperative owned by 3,000 financial institutions.
British defense contractor BAE Systems suggested that hackers manipulated SWIFT's Alliance Access server software, which banks use to interface with SWIFT's messaging platform, to cover their tracks.
Saying that in most cases the modus operandi was similar, SWIFT provided some evidence about how that happened in its note to customers.
It said the attackers submitted fraudulent messages by impersonating those people after they obtained valid credentials for operators authorized to create and approve SWIFT messages.
The same group behind that hack had probably attacked other financial targets said FireEye, the internet security company whose Mandiant unit was hired by Bangladesh Bank to help investigate the heist.
"FireEye has observed activity in other financial services organizations that is likely by the same threat actor behind the cyber attack on the Bank of Bangladesh," Vivek Chudgar, Mandiant's senior director for the Asia Pacific said in a statement emailed to Reuters.
The other attacks that SWIFT referred to were not discussed by Rakesh Asthana, the World Informatix Cyber Security CEO, who is overseeing Bangladesh Bank's probe into the hack. However in order to make sure their networks are secure and prevent future attacks, he did urge banks to conduct independent security assessments.
“SWIFT builds on security practices established by the customer itself and therefore it is imperative that in the wake of this attack, customers using SWIFT Alliance Access must strengthen their cyber security posture,” Asthana said
As SWIFT's banking clients look to see if their SWIFT access has been compromised, more attacks could surface, said cyber security experts.
Hackers were turning to SWIFT and other private financial messaging platforms because such attacks can generate more revenue than going after consumers or small businesses, said Shane Shook, a banking security consultant who investigates large financial crime.
"These hacks specifically target financial institutions because smaller efforts result in much larger thefts. It's much more efficient than stealing from consumers," he said.
(Source:www.reuters.com)
